Install a systemd sysusers config file for the qemu & kvm user/groups. We can not use the sysusers_create_compat macro in the RPM specfile to create those users as we want to keep the specfile standalone and not relying on additionnal files. Update the specfile to make the commands closer to what is generated by the current macro. See: https://src.fedoraproject.org/rpms/libvirt/pull-request/22 See: https://gitlab.com/libvirt/libvirt/-/merge_requests/319 See: https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/ Based on previous work by: Peter Krempa <pkrempa(a)redhat.com&gt; Signed-off-by: Timothée Ravier <tim(a)siosm.fr&gt; --- libvirt.spec.in | 21 +++++++++++++-------- src/qemu/libvirt-qemu.sysusers.conf | 4 ++++ src/qemu/meson.build | 7 +++++++ 3 files changed, 24 insertions(+), 8 deletions(-) create mode 100644 src/qemu/libvirt-qemu.sysusers.conf diff --git a/libvirt.spec.in b/libvirt.spec.in index 8413e3c19a..a411ac6515 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1473,6 +1473,7 @@ chmod 600 $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/nwfilter/*.xml %if ! %{with_qemu} rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_qemu.aug rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug +rm -f $RPM_BUILD_ROOT%{_sysusersdir}/libvirt-qemu.conf %endif %find_lang %{name} @@ -1834,16 +1835,19 @@ exit 0 %pre daemon-driver-qemu %libvirt_sysconfig_pre virtqemud %libvirt_systemd_unix_pre virtqemud + # We want soft static allocation of well-known ids, as disk images -# are commonly shared across NFS mounts by id rather than name; see -# https://fedoraproject.org/wiki/Packaging:UsersAndGroups -getent group kvm >/dev/null || groupadd -f -g 36 -r kvm -getent group qemu >/dev/null || groupadd -f -g 107 -r qemu -if ! getent passwd qemu >/dev/null; then - if ! getent passwd 107 >/dev/null; then - useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu +# are commonly shared across NFS mounts by id rather than name. +# See https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/ +# We can not use the sysusers_create_compat macro here as we want to keep the +# specfile standalone and not relying on additionnal files. +getent group 'kvm' >/dev/null || groupadd -f -g '36' -r 'kvm' || : +getent group 'qemu' >/dev/null || groupadd -f -g '107' -r 'qemu' || : +if ! getent passwd 'qemu' >/dev/null; then + if ! getent passwd '107' >/dev/null; then + useradd -r -u '107' -g 'qemu' -G 'kvm' -d '/' -s '/sbin/nologin' -c 'qemu user' 'qemu' || : else - useradd -r -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu + useradd -r -g 'qemu' -G 'kvm' -d '/' -s '/sbin/nologin' -c 'qemu user' 'qemu' || : fi fi exit 0 @@ -2246,6 +2250,7 @@ exit 0 %{_bindir}/virt-qemu-run %{_mandir}/man1/virt-qemu-run.1* %{_mandir}/man8/virtqemud.8* +%{_sysusersdir}/libvirt-qemu.conf %endif %if %{with_lxc} diff --git a/src/qemu/libvirt-qemu.sysusers.conf b/src/qemu/libvirt-qemu.sysusers.conf new file mode 100644 index 0000000000..3189191e73 --- /dev/null +++ b/src/qemu/libvirt-qemu.sysusers.conf @@ -0,0 +1,4 @@ +g kvm 36 +g qemu 107 +u qemu 107:qemu "qemu user" - - +m qemu kvm diff --git a/src/qemu/meson.build b/src/qemu/meson.build index 4c3e1dee78..7a0e908a66 100644 --- a/src/qemu/meson.build +++ b/src/qemu/meson.build @@ -160,6 +160,13 @@ if conf.has('WITH_QEMU') configuration: qemu_user_group_hack_conf, ) + # Install the sysuser config for the qemu driver + install_data( + 'libvirt-qemu.sysusers.conf', + install_dir: prefix / 'lib' / 'sysusers.d', + rename: [ 'libvirt-qemu.conf' ], + ) + virt_conf_files += qemu_conf virt_aug_files += files('libvirtd_qemu.aug') virt_test_aug_files += { -- 2.43.0